On Week 1 of Sep 2013, New York Times, Twitter hacked by Syrian group; USA Today reported that NSA performed exercise which used supercomputers to crack Web encryption.
On Week 5 of Aug 2013, Yahoo reported that China to probe big IT firms after Snowden leaks.
On Week 3 of Aug 2013, Reuters reported that U.S house of rep rejected bid to curb spy agency data collection.
On week 3 of July 2013, Oracle issued 89 security fixes.
On July 1, 2013, Malaysian .com.my domains were compromised by hacker Tiger-m@te, allegedly Bangladeshi origin
The trends and news which emerged from Q3 2013 for computer security carry themselves a few common themes.
- Software makers to be made responsible for security bugs - the industry seems to be moving towards this direction and this is bad news for software makers.
- The NSA, Snowden, PRISM, cyber-espionage related news help people to understand the cyber security landscape better.
- and the biggest Internet players were taken to tasks with personal data protection.
- DDoS attacks stopped.
- Based on Q1 2013 and Q2 2013 review, two trends are brought forward to Q3. 1.) Mobile trends such as BYOD serves as catalyst for growth in security vulnerability; 2.) Security companies introduced proactive approach for security solution - with Intelligent security features - Verizon DBIR 2013 confirms that 71% of breaches targeted user devices than servers.
- Even though enterprise security vendors are banking on proactive approach with enhanced intelligent, however not much APTs recorded - Verizon DBIR 2013 confirms that only 25% of breaches are APTs related while others are opportunistic and 78% graded as less sophisticated.
- and what was worst is that despite 78% being graded as less sophisticated attacks, 66% took months to be discovered and 69% of those (discovered are) by external parties.
- Parallel with 2012 and predictions for 2013, zero-day exploits are still popular and Android malwares continue to grow.
Some interesting facts to note:
- Facebook said no to Putrajaya’s request for details on 197 users.
- The high cost of a security breach: averages $649,000.
- Cybercrime costs the global economy between $100 billion and $500 billion annually.
- Lloyds survey found that cyber threats are now the third biggest worry for CEOs.
- F-Secure: The most used exploits kits in the world is BLACKHOLE.
- F-Secure: CVE-2011-3402 is among the most targeted vulnerabilities in the world.
- F-Secure: Worm: W32/Downadup (also known as Conficker) is the most detected threat in Malaysia.
For this week / last week, here are / were the biggest news.
- The Bank of Fakes – almost a third of users have received bogus bank emails.
- Secure Identity Alliance welcomes three new members.
- Symantec successfully sinkholes significant part of the massive ZeroAccess Botnet
- AccessData Announces Interoperability with HP ArcSight to Deliver Accelerated Incident Response to Security Threats.
- CyberArk unveils Master Policy.
- Verizon: 2013 Data Breach Investigation Reports (DBIR).
- Kaspersky Lab exposes “Icefog” APT: a new cyber-espionage campaign focusing on supply chain attack.
- AccessData: Broken cyber security model insufficient against APTs.
- ECSB strengthens security portfolio through new partnership with Barracuda.
- American Express Malaysia phishing site is discovered. today@http://www.americanexpress.com.my/ --> please DO NOT visit!
- Cellebrite presents Mobile Forensics trends for year 2014.
- F-Secure’s Latest Threat Report: nearly 60% of F-Secure’s top ten detections in the H1 2013 were exploits.
- Microsoft has published a security advisory on vulnerability in IE.
- Kaspersky: more than 1/3 malware attacks costs users money.
- Reuters: Hackers offered cash to crack iPhone's fingerprint security.
- Symantec: Hidden Lynx, pioneers of 'watering hole', professional for hire.
- Mcafee: Lily Collins the most dangerous cyber celebrity of 2013, Rain emerges as Asian equivalent.
- Reuters: Iran unblocks Facebook and Twitter access
- Kaspersky Lab Brings its Best Security Technologies Together
- AccessData partners with Contego Solutions to Fortify Digital Forensics Capabilities of Middle East Enterprises.
- Bouygues Telecom Secures Critical Business Systems with CyberArk Solutions.
- Reuters: Hacker steals two million Vodafone data.